{
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
      },
      "title": "PSL (Public Suffix List) validation bypass",
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "PSL Validation Bypass in Apache HttpClient 5.4.x",
              "lang": "en"
            }
          ]
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "affected": [
        {
          "vendor": "Apache Software Foundation",
          "product": "Apache HttpComponents",
          "versions": [
            {
              "status": "affected",
              "version": "5.4.0",
              "lessThan": "5.4.3",
              "versionType": "semver"
            }
          ],
          "defaultStatus": "unaffected"
        }
      ],
      "descriptions": [
        {
          "value": "A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release",
          "lang": "en",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "<code>A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release<br></code>"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://github.com/apache/httpcomponents-client/pull/574",
          "tags": [
            "patch"
          ]
        },
        {
          "url": "https://github.com/apache/httpcomponents-client/pull/621",
          "tags": [
            "patch"
          ]
        },
        {
          "url": "https://hc.apache.org/httpcomponents-client-5.4.x/index.html",
          "tags": [
            "product"
          ]
        },
        {
          "url": "https://lists.apache.org/thread/55xhs40ncqv97qvoocok44995xp5kqn8",
          "tags": [
            "vendor-advisory"
          ]
        }
      ],
      "metrics": [
        {
          "other": {
            "type": "Textual description of severity",
            "content": {
              "text": "moderate"
            }
          }
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Joe Gallo",
          "type": "remediation developer"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "cveId": "CVE-2025-27820",
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "serial": 1,
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}